Increasingly, the affairs of individuals and enterprises are being conducted in an automated manner over the Internet. Enterprises now engage in selling their products and services over the Internet; individuals also engage in communicating with one another over the Internet; employees may also engage in accessing secure resources of their employers over the Internet, etc.
One ever-present and daunting issue with this activity is Internet security. Some transactions may be innocuous and may not require any substantial security. However, a growing number of transactions do involve sensitive material associated with enterprises and individuals, such as corporate secrets, personal data, etc. A variety of security mechanisms exist to address this issue.
For example, some enterprises may install dedicated connections for secure communications between parties. Yet, this approach is less pervasive with the advent of Virtual Private Network (VPN) techniques. A VPN permits an insecure connection to be used to achieve secure communications between parties engaged in a transaction.
VPN transactions use authentication and encryption techniques for purposes of ensuring that communications are secure. Essentially, a VPN permits insecure communications lines to be used in a secure manner.
A common challenge faced by most VPN solutions is restricting access on a client machine that is providing a VPN to just one user or to selected users, when other users also desire access to the client but not necessarily to the secure assets of the machine that are under the control of the VPN session. Typically, this is addressed via a firewall: ports to the client are blocked, and once a VPN is initiated any additional users desiring to log into the machine are blocked from doing so. Yet this approach is obviously unacceptable for the many valid users who have legitimate reasons to log into the machine without a VPN connection; those valid users are actively blocked by the firewall because of the existence of a VPN connection in which they have no interest at all.
Consequently, there is a need for improved techniques for selectively controlling VPN access on a desktop having a multiuser environment.